My blog has moved! Please visit the new blog at: https://blog.steveendow.com/
I will no longer be posting to Dynamics GP Land, and all new posts will be at https://blog.steveendow.com
Thanks!

Friday, February 5, 2010

Tracking down a GP 10 security task that is granting unwanted access to a window

I don't spend a whole lot of time in GP 10 security. I appreciate the design of the new security model, but I find configuring the security roles and tasks tedious, so I'm thankful I don't have to deal with it often.

GP 2010 does have some enhancements that will make configuring GP security easier, but for those still on GP 10, you are limited in your ability to research certain security settings.

I recently fielded a question about GP 10 security where the user was looking to remove access to specific SmartLists, but he was unable to determine which security Task in his Role was granting the access. He had unchecked all of the tasks that seemed obvious, but the SmartList was still visible to the user.

After poking around, I saw that the SmartLists were not assigned via separate, discrete Tasks--they were assigned to Tasks that provided access to other types of objects.

Below is one approach to figure out which security Tasks grant access to specific GP objects. In my example, I'm trying to figure out which security Tasks provide access to the Accounts and Multidimensional Analysis SmartLists, but you can use the same technique to track down almost any other GP object.

There may be other ways to figure this out, but this is what I came up with, which was quick and simple.

This quicky tells me all of the Tasks that provide access to those SmartLists, so now I can go back to my Role and determine how I want to remove access.

I could uncheck all four of the Tasks, which will do the trick, but it may also remove access to windows that the user should be able to access.

Another approach would be to modify those Tasks to remove access to the two SmartLists. This would also work, but any other users that rely on those Tasks to view the Accounts and Multidimensional SmartLists would lose access as well. In that case you can create a new tasks that gives access to those SmartLists, and add that task to a new or existing role for users that need access.